Merge branch 'simplepolicy-announce-leak' into 'develop'

Fix reposts leaking through from blocked domains See merge request soapbox-pub/soapbox!11
2021-04-30 19:56:33 +00:00 · 2021-04-30 19:56:33 +00:00 · 1d0d5a8963
commit 1d0d5a8963
parent fe7e03e6dc 64c6dd27b9
3 changed files with 48 additions and 1 deletions
--- a/CHANGELOG_soapbox.md
+++ b/CHANGELOG_soapbox.md
@ -18,4 +18,5 @@ Based on Pleroma 2.3.0-stable.
 - Twitter-like block behavior is now the default.

 ### Fixed
+- Domain blocks: reposts from a blocked domain are now correctly blocked.
 - Fixed some (not all) Markdown issues, such as broken trailing slash in links.
--- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
@ -181,6 +181,14 @@ defp check_banner_removal(%{host: actor_host} = _actor_info, %{"image" => _image

  defp check_banner_removal(_actor_info, object), do: {:ok, object}

+  defp check_object(%{"object" => object} = activity) do
+    with {:ok, _object} <- filter(object) do
+      {:ok, activity}
+    end
+  end
+
+  defp check_object(object), do: {:ok, object}
+
  @impl true
  def filter(%{"type" => "Delete", "actor" => actor} = object) do
    %{host: actor_host} = URI.parse(actor)
@ -206,7 +214,8 @@ def filter(%{"actor" => actor} = object) do
         {:ok, object} <- check_media_nsfw(actor_info, object),
         {:ok, object} <- check_ftl_removal(actor_info, object),
         {:ok, object} <- check_followers_only(actor_info, object),
-         {:ok, object} <- check_report_removal(actor_info, object) do
+         {:ok, object} <- check_report_removal(actor_info, object),
+         {:ok, object} <- check_object(object) do
      {:ok, object}
    else
      {:reject, nil} -> {:reject, "[SimplePolicy]"}
@ -231,6 +240,19 @@ def filter(%{"id" => actor, "type" => obj_type} = object)
    end
  end

+  def filter(object) when is_binary(object) do
+    uri = URI.parse(object)
+
+    with {:ok, object} <- check_accept(uri, object),
+         {:ok, object} <- check_reject(uri, object) do
+      {:ok, object}
+    else
+      {:reject, nil} -> {:reject, "[SimplePolicy]"}
+      {:reject, _} = e -> e
+      _ -> {:reject, "[SimplePolicy]"}
+    end
+  end
+
  def filter(object), do: {:ok, object}

  @impl true
--- a/test/pleroma/web/activity_pub/mrf/simple_policy_test.exs
+++ b/test/pleroma/web/activity_pub/mrf/simple_policy_test.exs
@ -260,6 +260,30 @@ test "actor has a matching host" do

      assert {:reject, _} = SimplePolicy.filter(remote_user)
    end
+
+    test "reject Announce when object would be rejected" do
+      clear_config([:mrf_simple, :reject], ["blocked.tld"])
+
+      announce = %{
+        "type" => "Announce",
+        "actor" => "https://okay.tld/users/alice",
+        "object" => %{"type" => "Note", "actor" => "https://blocked.tld/users/bob"}
+      }
+
+      assert {:reject, _} = SimplePolicy.filter(announce)
+    end
+
+    test "reject by URI object" do
+      clear_config([:mrf_simple, :reject], ["blocked.tld"])
+
+      announce = %{
+        "type" => "Announce",
+        "actor" => "https://okay.tld/users/alice",
+        "object" => "https://blocked.tld/activities/1"
+      }
+
+      assert {:reject, _} = SimplePolicy.filter(announce)
+    end
  end

  describe "when :followers_only" do